On Tue, Sep 07, 2010 at 10:11:12PM +0800, Herbert Xu wrote: > FWIW I don't care about user-space using kernel software crypto at > all. It's the security people that do. And since when did we care about their crack pipe dreams? > The purpose of the user-space API is to export the hardware crypto > devices to user-space. This means PCI devices mostly, as things > like aesni-intel can already be used without kernel help. I don't think they matter in practice. We have less than a handfull of drivers for them, and with CPUs gaining proper instructions they are even less useful. In addition any sane PCI card should just allow userspace mapping of their descriptors. > Now as a side-effect if this means that we can shut the security > people up about adding another interface then all the better. But > I will certainly not go out of the way to add more crap to the > kernel for that purpose. So what is the real use case for this? In addition to kernel bloat the real fear I have is that the security wankers will just configure the userspace crypto libraries to always use the kernel interface just in case, and once that happens we will have to deal with the whole mess. Especially for RHEL and Fedora where the inmantes now run the asylum in that respect. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html